<div class="stripe">
  <h1>Legal matters</h1>

  <h2>Table of contents</h2>

  <ol>
    <li><a href="#privacy">Privacy policy</a></li>
    <li><a href="#terms">Terms of service</a></li>
  </ol>

  <h2>Privacy policy <a id="privacy" href="#privacy">#</a></h2>

  <p>
    <%= get_conf(:site_name) %> stores user data to provide its services. This document describes the data storage and usage policies.
  </p>

  <h3>Name and contact details of the personal data register holder</h3>

  <dl>
    <dt>Name</dt>
    <dd>Mikko Ahlroth</dd>

    <dt>Email address</dt>
    <dd>mikko.ahlroth ⓐⓣ gmail.com</dd>
  </dl>

  <p>
    Inquiries about the register and the data contained should be directed to the above addresses.
  </p>

  <h3>Name of the register</h3>

  <p><%= get_conf(:site_name) %> (later "the service") user database.</p>

  <h3>Location of the register</h3>

  <p>
    The user database is stored on a server hosted by <a href="https://www.online.net/en">Online SAS</a> in France.
  </p>

  <h3>The purpose of data collection</h3>

  <p>
    Data is collected about the users of the service to enable and improve the service's functionality. User data is not used for any other purpose.
  </p>

  <h3>Data contained in the register</h3>

  <p>
    The service collects the following data from the users:
  </p>

  <ul>
    <li>
      Username and password for authentication purposes.
    </li>
    <li>
      Email address (optional) for notifying the user about important announcements related to the service and for account recovery in the case of a lost password.
    </li>
    <li>
      IP addresses and browser user agent strings from both authenticated and unauthenticated users are stored in the server request logs for 4 weeks. They are used for statistical purposes and abuse prevention.
    </li>
  </ul>

  <h3>Data sources</h3>

  <p>
    All data is provided by the user. No data is collected from other sources.
  </p>

  <h3>Sharing of data with 3<sup>rd</sup> parties</h3>

  <p>
    Data is never shared with 3<sup>rd</sup> parties, except in the following cases:
  </p>

  <ul>
    <li>to send an email to a user from the service (the email address and the contents of the email must be transferred to the email delivery service), or</li>
    <li>to comply with an official, legal, written order from the Finnish authorities to release customer data.</li>
  </ul>

  <h3>Transfer of data to outside the EU or ETA</h3>

  <p>
    Data will not be moved outside the EU or ETA, except in the following cases:
  </p>

  <ul>
    <li>to send an email to a user from the service (the email address and the contents of the email must be transferred to the email delivery service).</li>
  </ul>

  <h3>Security of the register</h3>

  <p>
    Logins and communication with the server are secured with <abbr title="Secure Shell">SSH</abbr>. On the server, the database is protected by a further login known to only the register holder. Passwords in the database are hashed using <em>Bcrypt</em> with a randomized salt to prevent their decryption in case of a data breach. If a strong password is used, it cannot be feasibly decrypted.
  </p>

  <p>
    Physical security of the server in the datacenter is managed by Online SAS.
  </p>

  <h3>Register data requests</h3>

  <p>
    All users of the register have a right to request a copy of the data stored about them. To make such a request, send a free-form written request to the contact details provided above.
  </p>

  <h3>Note about analytics</h3>

  <p>
    The service uses Google Analytics to gather statistics about its use. The data is not used to track any single user. If you wish to prevent such data collection, you can use an extension such as <a href="https://support.google.com/analytics/answer/181881">Google Analytics opt-out browser add-on</a> or <a href="https://github.com/gorhill/uBlock">uBlock Origin</a> in your browser to block Google Analytics. Please refer to the <a href="https://support.google.com/analytics/answer/6004245?hl=en">Google Analytics data safeguarding page</a> for more information.
  </p>

  <p>
    Google does not have access to the data register itself.
  </p>

  <h3>Note about advertisements</h3>

  <p>
    The service may contain advertisements. These advertisements are handled by 3<sup>rd</sup> party advertisement providers. The advertisement providers may use the advertisements to collect certain information about the user. This collection of data and the behaviour of the advertisement providers are not under direct control of the service. If you suspect abuse from an advertisement provider, please contact the service administrators for assistance.
  </p>

  <p>
    Advertisement providers are never given access to the data register itself.
  </p>

  <h3>Note about email</h3>

  <p>
    Emails from the service are sent using either <a href="http://www.mailgun.com/">Mailgun</a> by Rackspace Inc, a US based company, or <a href="https://gmail.com/">Gmail</a> by Alphabet Inc, a US based company. This means user details contained in the emails (such as the user's email address) are sent to the email service as a necessary part of the email delivery process. If you do not wish to have your email address sent to either of these services, you can remove your email address in the preferences.
  </p>

  <h3>Changes to the privacy policy</h3>

  <p>
    This page holds the most up to date version of the privacy policy. We ask that you check this page for changes regularly. In the case of major changes to the policy, all users that have given their email address will be notified by email beforehand.
  </p>

  <p>
    This privacy policy was last changed on the 2<sup>nd</sup> of August 2016.
  </p>

  <h2>Terms of service <a id="terms" href="#terms">#</a></h2>

  <p>
    <%= get_conf(:site_name) %> (later "the service") is a free service. Using it is a privilege, not a right. There is no <abbr title="Service level agreement">SLA</abbr> promised or implied.
  </p>

  <p>
    The rules of using the service:
  </p>

  <ol>
    <li>Don't hammer or attempt to DoS the API or the server or you will be banned.</li>
    <li>Don't try to insert fake XP for yourself through the API.</li>
    <li>Don't be mean to other people.</li>
    <li>Do check the source code of the service and the plugins and suggest improvements.</li>
    <li>Have fun.</li>
  </ol>
</div>
